Asia Pacific Defence Reporter : APDR November 2016

the infected rootkit onto the PLC and Step7 software,
modifying the codes and giving unexpected commands
to the PLC and causing the fast-spinning centrifuges to
tear themselves apart while replaying a loop of normal
system operating values back to the users. The
malware reportedly ruined almost one fifth of Iran's
nuclear centrifuges, causing significant damage to
Iran’s nuclear program at the time.
Going back to Russia and China, both these
countries are now acknowledged as leading the
pack when it comes to nation-state sponsored
cyber hacking. China’s efforts usually hew closely to
economic espionage, exploiting gaps in networks and
security to produce economic accelerants through the
theft of intellectual property.
Russia, on the other hand, is widely known to use
cyberspace to gain political leverage through hacking
of personal and government accounts, and to unleash
organized criminal gangs to do the state’s bidding.
When we talk about China’s cyber capabilities, the
thing that most often springs to mind is China’s
efforts at stealing military and industrial secrets for the
purpose of espionage and to develop its own industrial
and military capabilities.
It has been said that China’s military hacking
apparatus is so vast and successful in targeting
American companies that the U.S. Department of
Justice has called it a national security emergency,
amounting to hundreds of billions of dollars lost and
costing over two million American jobs.
Cybersecurity firm Mandiant has identified a People’s
Liberation Army (PLA) elite cyberwarfare unit based in
Shanghai as the source of hundreds of cyber attacks
targeting American interests. The unit, officially known
as Unit 61398, operates under the PLA’s Second
Bureau of the General Staff Department’s (GSD) Third
Department, which is focused on cyber surveillance
and monitoring of foreign electronic communications.
Mandiant also says Unit 61398 has a staff of
“hundreds if not thousands” of people, trained in
advanced network security, digital signal processing,
and covert communications who have access to an
extensive “infrastructure of computer systems around
To date, China’s cyber attacks on U.S. companies
continue essentially unabated, often barely masking
the near one-to-one correspondence to economic
interests. In addition, China has also been accused of
hacking other countries' government and commercial
interests, including Australia.
Some of the more recent and high profile
cases include claims stemming from an Australian
Broadcasting Corporation report that China had
hacked and stolen classified blueprints of the new
Canberra headquarters of the Australian Security
Intelligence Organisation (ASIO).
According to the ABC’s Four Corners program in
2013, the plans were taken in an operation targeting a
contractor involved with building the site. In the same
report, Four Corners also found the departments of
Defence, Prime Minister and Cabinet, and Foreign
Affairs and Trade had all been breached in sustained
Similarly, in August this year, Four Corners again
revealed that the computer networks of a number of
government departments, including Austrade and the
Defence Science Technology Group, had suffered
significant cyber infiltrations by hackers based in China
in the past five years.
The program also said that Newsat Ltd, an Australian
satellite company which went into administration, was
so comprehensively infiltrated three years ago that
its entire network had to be rebuilt in secret. A hack
of the Australian Bureau of Meteorology (BoM) has
been attributed to China, although sources said
the true targets for the cyber attack may have been
defence assets linked to the BoM and its vast data-
These include the Australian Geospatial-Intelligence
Organisation, an intelligence agency within the
Department of Defence which provides highly detailed
mapping information for military and espionage
purposes, and the Jindalee Operational
Radar Network (JORN), although in this case the
cyber attack failed to reach into these networks and
was "sandboxed", or contained within the BoM.
The Australian Signals Directorate (ASD) has
reportedly conducted detailed investigations into the
cyber intrusion, although both it and the DSTG
declined to comment when asked by Four Corners.
China, when asked about its role in such cyber attacks,
typically denies having conducted any cyber espionage,
with a spokesman for the Chinese Embassy in
Canberra calling such allegations "totally groundless"
and "false clichés" when asked by the ABC.
However, it would be foolhardy just to look at
China’s cyber capabilities from the espionage angle
alone. The Chinese military has also been busy
developing a cyber capability aimed at disrupting an
adversary’s cyber network, which has so far gained
little attention outside of cyber defence circles.
Initial Chinese discussions about information
warfare and computer network operations stem from
the People’s Liberation Army’s (PLA) observations of
Operation Desert Storm in 1991. Broadly stated, this
operation made China aware of Information Technology
(IT) use during war.
The PLA not only observed the operational
effectiveness of using IT to connect different
fighting forces involved in warfare, but also learned
about exploiting potential vulnerabilities within this
new system. Operation Desert Storm sparked
new doctrinal thinking within the PLA leadership,
including the drafting of new strategies for fighting
However, after 1991, PLA leaders soon realized the
“potential for...enhanced information warfare, networks
of systems, and ‘digitized’ combat forces,” according to
researcher Samuel Klein writing in the Cyber Defence
Review. In particular, the PLA discussed the need to
modernize their armed forces and develop a strategy
for fighting information warfare.
The PLA referred to this new strategy as “fighting
local wars under conditions of informationalization”,
with the term first appearing in China’s 2004 Defence
White Paper, which also notes that “the forms of
war are undergoing changes from mechanization to
Ultimately, according to Klein, China plans to
overlay advanced information systems on much of
its current force structure to create a fully networked
command and control infrastructure. The infrastructure
is then expected to be capable of coordinating military
operations on land, at sea, in the air, in space and
across the electromagnetic spectrum.
This army of devices taken over by Mirai, also called a botnet, was
responsible in part for the attack launched at Dyn, according to
researchers at security firm Flashpoint.
One of the first conclusions that can be drawn in the face of
increasingly sophisticated hacks is that the internet is frightfully
vulnerable to malicious actors.